11a878e694813e9d7db8a13b17363a1d88cd79039863e5bb8ae89a57671ea4ba

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 09:41

Target

96d9e3a844efe14b3a077b49fefc98f7.exe
Size

84KB
MD5

96d9e3a844efe14b3a077b49fefc98f7
SHA1

019c6f7bd0247410a980484628c301eeba1af676
SHA256

11a878e694813e9d7db8a13b17363a1d88cd79039863e5bb8ae89a57671ea4ba
SHA512

194e63fd3b3eff14783b793580312caac2665059f2a24973ec30ad7caf260e2a9bb229fadac36b3165abe364454eff24079e0cbeed6db8f9e0b6fab97f2a12c0
SSDEEP

1536:peTFeO0R7TAX1WpMW93IzVlTxvBGXz5yfa08lk2fTT0ERJi1TF:p4FeOBX14MWVIzDTxJGkS0wfTT0Ki1TF

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1728	2516	WerFault.exe	5

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 1728	2516	96d9e3a844efe14b3a077b49fefc98f7.exe	28
PID 2516 wrote to memory of 1728	2516	96d9e3a844efe14b3a077b49fefc98f7.exe	28
PID 2516 wrote to memory of 1728	2516	96d9e3a844efe14b3a077b49fefc98f7.exe	28
PID 2516 wrote to memory of 1728	2516	96d9e3a844efe14b3a077b49fefc98f7.exe	28

C:\Users\Admin\AppData\Local\Temp\96d9e3a844efe14b3a077b49fefc98f7.exe
"C:\Users\Admin\AppData\Local\Temp\96d9e3a844efe14b3a077b49fefc98f7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 88
  2⤵
  - Program crash
  PID:1728

memory/2516-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download